Network usage is increasing at a rapid pace, thanks in part to the proliferation of mobile devices and enterprise-wide BYOD adoption. Users are accessing the network more often and in more ways than administrators can easily track. At the same time, as usage increases, the infrastructure supporting those users becomes increasingly complex and time-consuming to control. Despite significant improvements in network automation, human administrators quickly become a bottleneck when the number of users, devices and applications in a network expands rapidly. Networks are also constantly in a state of flux, as they not only grow but are reconfigured to meet changing business needs.
A lack of visibility and awareness of how the network is being used only adds to the problem. As a result, the concept of Software Defined Networking (SDN) has been getting a great deal of attention because of the benefits it provides network administrators. SDN is an architectural networking paradigm that incorporates key characteristics, including:
- A centralized point of management & control to provide global network orchestration from a single point of management.
- Programmable interfaces to automate and orchestrate network fabric configuration.
- Open infrastructure to enable rapid integration with any northbound application from any vendor.
Simply put, SDN is a new approach to managing and configuring networks that creates a dynamic and agile infrastructure aimed at deploying new services through common APIs. As Gartner puts it, for this type of architecture, “the control and data planes are decoupled, network intelligence and state are logically centralized and the underlying network infrastructure is abstracted from network applications and features.” With SDN, the data plane can be controlled at a more granular level through the so-called southbound APIs, which abstract the underlying network infrastructure from applications; applications in turn integrate with the network through northbound APIs. As a result, enterprises and carriers gain unprecedented automation and network control, enabling them to build highly scalable and flexible networks that readily adapt to changing business needs.
SDN is really about a programmatic interface, otherwise known as the northbound API (typically XML), in the network fabric that allows network administrators, other IT teams and applications to provision new services on the fly. SDN services include:
- Network virtualization beyond only vSwitch integration
- New service provisioning in an orchestrated or overlay approach
- Traffic engineering
These services translate into operational and functional benefits: a higher degree of agility, new services, lower operational cost, and simpler network operation and design.
Different deployment models
The agility, capability and efficiency of SDN is tied to its architecture, and while most of the early chatter focused on implementation details and a very centralized approach using the OpenFlow protocol for the southbound API, that’s not the only architecture that’s available. SDN can be deployed in a few different ways, which Gartner defines as switch-based, overlay and hybrid. Hybrid architectures provide a scalable, agile and deployable solution that also takes the challenges of interoperability into account.
The switch-based approach uses OpenFlow, but it has several scalability challenges, since most if not all control plane functions sit in a single centralized controller. The strength of a flow-based system is that the first packet of a flow can be handed to software, that is, to the controller or even to other applications, where very sophisticated decisions can be made; all subsequent packets of that flow are then switched in hardware. But once every new flow has to be managed centrally, real-time decisions are no longer possible, and only pre-provisioned connectivity remains practical. That is a good choice for carriers and for specific data center use cases, but in larger networks the number of flows that would need to be managed centrally is simply too high.
When using a centralized SDN controller design with commodity ASICs, scaling challenges are present for both the control plane and the data plane. To combat this, the definition of a flow is made coarser, so fewer new decisions need to be made in the control plane and fewer flows need to be programmed in the data plane. This is good for connectivity but not usable for visibility and control at the application layer, as one loses important features such as NetFlow and ACLs, among others. Another way to combat scaling problems is to pre-provision the flows in the data plane so the controller doesn’t get overwhelmed with new flow requests. For this to work, you must know in advance who wants to talk to whom. As with the previous strategy, this can be used for connectivity services, but it’s not as beneficial in other scenarios.
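The trade-offs described in the two paragraphs above (first-packet decisions in the controller versus hardware switching, coarse flow definitions, and pre-provisioning) can be made concrete with a small simulation. The following is an added example, not code from the original article or from Enterasys; it models an OpenFlow-style reactive switch as a Python dictionary, with constructed traffic and a hypothetical controller policy that is meant to block telnet to one server. Running it with a 5-tuple match, a destination-IP-only match, and a pre-provisioned table shows how the number of controller round-trips (packet-ins) falls as the flow definition gets coarser, and why the ACL silently stops working once the match no longer carries the port.

```python
"""Constructed simulation of a centralized, reactive SDN controller.

The switch punts the first packet of every unknown flow to the controller
(a "packet-in"), installs the returned action, and forwards the rest of the
flow "in hardware" (a dictionary lookup). The match fields decide what a
flow is, and therefore both how much work the controller does and how much
policy can still be expressed.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip dst_ip proto src_port dst_port")

# Two flow definitions: a full 5-tuple, and a coarse destination-only match.
FINE = ("src_ip", "dst_ip", "proto", "src_port", "dst_port")
COARSE = ("dst_ip",)


def flow_key(pkt, match_fields):
    """Project a packet onto the chosen match fields."""
    return tuple(getattr(pkt, f) for f in match_fields)


class Controller:
    """Hypothetical policy: drop telnet (TCP/23) to 10.0.0.5, allow all else."""

    def decide(self, pkt):
        if pkt.dst_ip == "10.0.0.5" and pkt.proto == "tcp" and pkt.dst_port == 23:
            return "drop"
        return "forward"


class Switch:
    def __init__(self, match_fields):
        self.match_fields = match_fields
        self.table = {}        # flow key -> action, i.e. the data-plane flow table
        self.packet_ins = 0    # packets that had to go to the controller

    def forward(self, pkt, controller):
        key = flow_key(pkt, self.match_fields)
        if key not in self.table:
            # Table miss: the first packet of the flow is decided in software.
            self.packet_ins += 1
            self.table[key] = controller.decide(pkt)
        # Table hit (or freshly installed entry): hardware path.
        return self.table[key]


def traffic():
    """Constructed traffic: 20 clients, each with 3 HTTPS flows of 10 packets
    and 1 telnet attempt of 5 packets, all towards 10.0.0.5 (700 packets)."""
    pkts = []
    for host in range(1, 21):
        src = f"10.0.1.{host}"
        for sport in (40000, 40001, 40002):
            pkts += [Packet(src, "10.0.0.5", "tcp", sport, 443)] * 10
        pkts += [Packet(src, "10.0.0.5", "tcp", 50000, 23)] * 5
    return pkts


def expected_https():
    """What an operator could pre-provision: the HTTPS flows it knows about.
    The telnet attempts are not known in advance and stay unprovisioned."""
    return [p for p in traffic() if p.dst_port == 443]


def run(match_fields, expected=()):
    """Replay the traffic and report controller load, table size and policy outcome."""
    sw, ctl = Switch(match_fields), Controller()
    for p in expected:  # proactive pre-provisioning of known flows
        sw.table[flow_key(p, match_fields)] = ctl.decide(p)
    counts = {"drop": 0, "forward": 0}
    for p in traffic():
        counts[sw.forward(p, ctl)] += 1
    return {
        "packet_ins": sw.packet_ins,
        "flow_entries": len(sw.table),
        "dropped": counts["drop"],
        "forwarded": counts["forward"],
    }


if __name__ == "__main__":
    print("fine 5-tuple match     :", run(FINE))
    print("coarse dst-only match  :", run(COARSE))
    print("fine + pre-provisioned :", run(FINE, expected_https()))
```

With the 5-tuple match the controller sees one packet-in per flow (80) and the telnet policy holds (100 packets dropped). With the destination-only match there is a single packet-in and a single flow entry, but whichever flow arrives first sets the action for every later flow to that server, so the telnet packets are forwarded; the port-level ACL cannot be expressed at all in that table. Pre-provisioning the known HTTPS flows removes their packet-ins, but the unexpected telnet flows still go to the controller, which is the "you must know in advance who wants to talk to whom" constraint in practice.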
The overlay approach is primarily targeted at network virtualization in a cloud data center, where the SDN controller is used to provision connectivity and establish new services via tunnels between virtualized compute and storage resources, in addition to other services like ADC. The challenge here is that all services that need to participate have to support these new tunneling techniques, be it VXLAN or others. This limits the choice of vendors and solutions available not only today but also for the foreseeable future if you consider cross-vendor integration. Furthermore, the breakout from that tunnel ecosystem requires gateways that are limited in functionality and in scale and performance. In addition, topology maintenance, address learning, and broadcast and multicast handling need to be replicated on the tunneling layer as well. Tunneling techniques have been used in the past to transit non-managed domains, and today’s techniques take the same approach: visibility and control as well as traffic management capabilities are lost in the physical infrastructure, which has many implications for how those networks are managed.
Hybrid approaches address the scalability challenges with a distributed control plane while still providing centralized control and northbound APIs. Flows are managed in real time in a control plane component on the switches (data plane) themselves, which scales to millions of flows. Layered on top is a distributed control plane at a software layer that provisions those local control plane entities, along with a central control system that configures the whole fabric as a single entity. This provides the necessary abstraction as well as a rich set of northbound APIs to integrate with other IT applications for orchestration and automation.
So we can see that not all SDNs are created equal. The architecture makes the difference, and an application-aware data plane design should be a major consideration.
The real benefit of SDN comes from making the network more programmable by operators, enterprises, independent software vendors and users—not just equipment manufacturers. This is done using common programming environments, which gives all parties new opportunities to drive revenue and differentiation. The main benefits of SDN include the following:
- New services innovation and agility – An open API enables innovation with technology, integration partners and customers for a uniquely rich network.
- High-quality user experience and scalability – The network fabric must be application- and flow-aware while scaling to meet current and future requirements.
- Operational simplicity – Completely centralized management and control across the whole network fabric for any device, user and application.
- Improved orchestration and efficiency – The storage, compute and networking resources are fully orchestrated to automate the deployment of new services.
- Network-based business intelligence and control – SDN not only provides an awareness of what business applications are used, by whom, where and when, but also enables optimization and a higher utilization of the existing network.
When properly implemented, SDN creates a dynamic and flexible network architecture that protects existing investments while future-proofing the network.
The most common use case cited for SDN is automating the virtualized data center. While the ability to automatically provision and manage virtual machines for data center control and orchestration is likely to be the application adopted first, SDN is applicable to almost any complex network challenge. A case that isn’t regularly discussed is device management. IT vendors that offer solutions such as MDM, firewalls, end-user operating systems and more are doing their part to combat the drawbacks of BYOD; however, there isn’t a single solution that solves everything, and that’s where SDN comes in. The most comprehensive solution will be the one that can incorporate aspects of each of the solutions above. This requires the ability to integrate the intelligence and resources of multiple systems, and that’s the value that SDN-based solutions with open APIs offer.
As we look to the coming year, SDN will become the leading technology solution for managing networks in the enterprise, as the operational advantages are just too compelling. However, it will be implemented differently than in large-scale data centers, with much more of a focus on service delivery and user experiences rather than network virtualization and traffic engineering.
Markus Nispel is the Chief Technology Strategist for Enterasys. Working closely with key customers, his focus is on strategic product development across all key technology areas for Enterasys, and especially in the area of security, namely Enterasys Network Access Control (NAC) solutions.